« Previous Next »

• 08-04-2009, 2:01 PM

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9

  Remote Management issue - error using a low privledged domain user Reply Contact  Hello. When trying to connect at the site level, I get the below error after clicking on Finish at the "Specify a Connection" screen:   "There was an error when trying to connect. Do you want to retype your credentials and try again? Details: Requested registry access is not allowed"  Of course, when I connect using my account that is a domain admin, there is no issues Any ideas? thanks, joe

• 08-04-2009, 4:38 PM

  In reply to

  jeff@zina.com Joined on 09-26-2003, 10:43 AM Naples, FL, USA Posts 2,100	Re: Remote Management issue - error using a low privledged domain user Reply Contact javon7065: Any ideas?   Use an account that has the required registry permissions or grant your account those permissions. Jeff Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com

• 08-04-2009, 4:49 PM

  In reply to

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9	Re: Remote Management issue - error using a low privledged domain user Reply Contact  Jeff, I guess what I need to find out is what are the required registry permissions? My account works fine since I am a member of the local admin group via Domain Admins membership. I'd like to enable this to work for folks who are NOT part of the local admin group

• 08-04-2009, 6:39 PM

  In reply to

  CarlosAg Joined on 02-19-2003, 2:23 AM Posts 336

  Re: Remote Management issue - error using a low privledged domain user Reply Contact That is weird, we should not require access to any registry key while connecting. Just to double check, you are trying to access remotely a server (which has WMSVC-Management Service enabled and running) with a user that is not an administrator and you have granted permissions using the IIS Manager Permissions feature for that user. on the client you use "Connect to Site" and specify that user and password. I'm suspecting that this could be happening on the client rather than on the server, so could you please use Process Explorer on the server (filtering by WMSVC) http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx and on the client filtering by inetmgr.exe and see where its happening.

• 08-05-2009, 9:45 AM

  In reply to

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9

  Re: Remote Management issue - error using a low privledged domain user Reply Contact  Hello CarlosAG. Thanks for the response. Yes, to your questions above. And to add more detail, I have the management service using Windows credentials only. The below message is what I get consistently after a logon attempt in the application log:   IISWMSVC_LOGIN_UNKNOWN_ERROR An unexpected error occurred while retrieving the login information. Exception:System.Security.SecurityException: Requested registry access is not allowed.    at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)    at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)    at Microsoft.Web.Management.Utility.FeaturesUtility.IsInstalled(String featureRegistryKeyName)    at Microsoft.Web.Management.Iis.Modules.ModulesModuleProvider.SupportsScope(ManagementScope scope)    at Microsoft.Web.Management.Server.ManagementUnit.GenerateModuleDefinitions()    at Microsoft.Web.Management.Server.ManagementUnit.get_ModuleDefinitions()    at Microsoft.Web.Management.Server.ManagementUnit.RetrieveModules(WebManagementInfo info, Boolean isLocal)    at Microsoft.Web.Management.Server.ManagementUnit.GenerateManagementInfo(Boolean retrieveModules, Boolean retrieveUrl)    at Microsoft.Web.Management.Server.FrameworkModuleService.GetWebManagementInfo(Boolean retrieveModules, Boolean retrieveUrl) The Zone of the assembly that failed was: MyComputer Process:WMSvc User=DOMAIN\pgptest

• 08-05-2009, 11:15 AM

  In reply to

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9

  Re: Remote Management issue - error using a low privledged domain user Reply Contact I ran process monitor on the server while connecting from the workstation as the user, filtering on WMSVC: Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} 10:36:49.6398753 AM            wmsvc.exe               2012        RegOpenKey            HKU\S-1-5-21-903162274-1763063872-709122288-9616    NAME NOT FOUND   Desired Access: Maximum Allowed 10:36:49.6399220 AM            wmsvc.exe               2012        RegOpenKey            HKU\.Default           ACCESS DENIED   Desired Access: Maximum Allowed   Seems like a new key is trying to be created and that's where the registry permissions are coming into play. this was trying to be created as LOCAL_SERVICE

• 08-05-2009, 11:16 AM

  In reply to

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9

  Re: Remote Management issue - error using a low privledged domain user Reply Contact I ran process monitor on the server while connecting from the workstation as the user, filtering on WMSVC: Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} 10:36:49.6398753 AM            wmsvc.exe               2012        RegOpenKey            HKU\S-1-5-21-903162274-1763063872-709122288-9616    NAME NOT FOUND   Desired Access: Maximum Allowed 10:36:49.6399220 AM            wmsvc.exe               2012        RegOpenKey            HKU\.Default           ACCESS DENIED   Desired Access: Maximum Allowed   Seems like a new key is trying to be created and that's where the registry permissions are coming into play. this was trying to be created as LOCAL_SERVICE

• 08-05-2009, 11:33 AM

  In reply to

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9

  Re: Remote Management issue - error using a low privledged domain user Reply Contact I ran process monitor on the server while connecting from the workstation as the user, filtering on WMSVC: Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} 10:36:49.6398753 AM            wmsvc.exe               2012        RegOpenKey            HKU\S-1-5-21-903162274-1763063872-709122288-9616    NAME NOT FOUND   Desired Access: Maximum Allowed 10:36:49.6399220 AM            wmsvc.exe               2012        RegOpenKey            HKU\.Default           ACCESS DENIED   Desired Access: Maximum Allowed   Seems like a new key is trying to be created and that's where the registry permissions are coming into play. this was trying to be created as LOCAL_SERVICE

• 08-09-2009, 3:12 AM

  In reply to

  CarlosAg Joined on 02-19-2003, 2:23 AM Posts 336	Re: Remote Management issue - error using a low privledged domain user Reply Contact That is weird, could you confirm which permissions are set on the following Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\Components You can do that using Regedit.exe and expanding the tree untill the components folder is shown. Right-click and choose "Permissions". Also, is your user member of "Users" ?

• 08-10-2009, 12:21 PM

  In reply to

  javon7065 Joined on 08-03-2009, 8:50 PM Posts 9

  Re: Remote Management issue - error using a low privledged domain user Reply Contact I figured this out. I finally got burned by removing the Domain Users and Authenticated Users groups from the local Users group on a machine. This was the problem. Read rights to certain registry keys are required and by default, the local Users group has them. Putting my test user on the group solved the problem.   CarlosAg, thanks for reminding me about process monitor.